blacklist.rb - honeypot - A custom version of kippo used for SSH honeypot analysis and reporting.
---
blacklist.rb (1039B)
---
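#!/usr/bin/ruby

# Builds block lists from the source addresses recorded in the kippo
# `sessions` table and writes them in three formats: a plain list, a set of
# iptables commands, and a Cisco standard access list.
#
# The generated rules are meant to be reviewed before they are applied:
# addresses seen by a honeypot can be shared (NAT gateways, proxies) and the
# list goes stale, and `iptables -A` appends, so an earlier ACCEPT rule on the
# target host would still win.

require 'rubygems'
require 'mysql'
require 'ipaddr'

# Returns true only for a bare dotted-quad IPv4 address (no prefix length,
# no surrounding whitespace). Every value is checked before it is
# interpolated into firewall commands, because the output files are intended
# to be run as-is and the database content originates from remote hosts.
def ipv4_literal?(value)
  text = value.to_s
  return false unless text.match(/\A\d{1,3}(\.\d{1,3}){3}\z/)

  # IPAddr rejects octets above 255; ArgumentError also covers
  # IPAddr::InvalidAddressError on newer Rubies.
  IPAddr.new(text).ipv4?
rescue ArgumentError
  false
end

# Set the dates we want to start at
date = Time.new

# The month is zero-padded so the LIKE pattern lines up with a
# 'YYYY-MM-DD ...' rendering of starttime; an unpadded '2011-5%' would match
# nothing for January to September (assumes starttime is a DATETIME or an
# equivalent string column - confirm against the schema).
# NOTE(review): the year is hard-coded as in the original script; switch to
# date.strftime('%Y-%m') if the current year is what is wanted.
month_prefix = format('2011-%02d', date.month)

# Change pass to your password.
# The credential lives in this file, so keep the script readable only by its
# owner and use a database account limited to SELECT on the kippo schema.
con_kippo = Mysql.new('localhost', 'kippo', 'pass', 'kippo')

ip_list = []

begin
  # month_prefix is built locally from Time, not from external input, so the
  # interpolation below does not carry untrusted data into the SQL.
  rs_list = con_kippo.query("SELECT ip
                             FROM sessions
                             WHERE starttime LIKE '#{month_prefix}%'
                             GROUP BY ip
                             ORDER BY ip")

  begin
    while (row = rs_list.fetch_row)
      ip = row[0]
      if ipv4_literal?(ip)
        ip_list.push ip
      else
        # Report rather than silently drop, so a malformed row is noticed.
        warn "Skipping non-IPv4 value from sessions.ip: #{ip.inspect}"
      end
    end
  ensure
    rs_list.free
  end
ensure
  # Release the connection even if the query or row handling raised.
  con_kippo.close
end

# You may want to define the absolute path in the following code blocks.
File.open('ip-list.txt', 'w') do |f2|
  ip_list.each { |ip| f2.puts ip }
end

# One LOG rule followed by one DROP rule per address.
File.open('ip-list-iptables.txt', 'w') do |f2|
  ip_list.each do |ip|
    f2.puts "iptables -A INPUT -s #{ip} -j LOG --log-prefix \"Blocked: JayScott-Honeypot \""
    f2.puts "iptables -A INPUT -s #{ip} -j DROP"
  end
end

# Standard ACL: deny each listed host, then permit everything else so the
# implicit deny at the end of the list does not block all traffic.
File.open('ip-list-cisco.txt', 'w') do |f2|
  ip_list.each { |ip| f2.puts "access-list 1 deny host #{ip}" }
  f2.puts "access-list 1 permit any"
end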